7182500 OCSP revocation checking fails if OCSP response does not contain certificates

Vincent Ryan vincent.x.ryan at oracle.com
Tue Jul 10 20:34:20 UTC 2012


Hello,

Please review the following changeset for JDK 7u6:
     http://cr.openjdk.java.net/~vinnie/7182500/

The bug report is at:
     http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7182500

The error occurs when an OCSP responder opts not to return the signing
certificate used in an OCSP response. The fix is to set the default
signer cert to be the cert of the issuer of the cert being validated.

This fix addresses a regression in the OCSP client which was introduced
in my fix for CR 7168191
(http://hg.openjdk.java.net/jdk7u/jdk7u6-dev/jdk/rev/52ab0f489dab).

Thanks.
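
The signer selection described in the message above, as an added Java sketch that is not part of the original post or of the JDK changeset. The class and method names are hypothetical, certificates are read from PEM/DER files named on the command line (issuer first, then any certificates carried in the OCSP response), and matching on the response's ResponderID is left out.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public final class OcspSignerCandidates {
    // id-kp-OCSPSigning: marks a responder the CA has delegated OCSP signing to
    static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9";

    // The issuer of the cert being validated is always a candidate, so a
    // response that carries no certificates can still be verified.
    static List<X509Certificate> candidates(List<X509Certificate> responseCerts,
                                            X509Certificate issuer) {
        List<X509Certificate> out = new ArrayList<>();
        out.add(issuer);
        for (X509Certificate c : responseCerts) {
            if (!c.equals(issuer) && isDelegatedResponder(c, issuer)) out.add(c);
        }
        return out;
    }

    // A certificate from the response is trusted only if the issuer signed it
    // directly, it is currently valid, and it carries the OCSPSigning EKU.
    static boolean isDelegatedResponder(X509Certificate c, X509Certificate issuer) {
        try {
            List<String> eku = c.getExtendedKeyUsage();
            if (eku == null || !eku.contains(OCSP_SIGNING_EKU)) return false;
            if (!c.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) return false;
            c.checkValidity();
            c.verify(issuer.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false; // unparsable, expired, or not signed by the issuer
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) throw new IllegalArgumentException("usage: issuer [responseCert...]");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (String path : args) {
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                certs.add((X509Certificate) cf.generateCertificate(in));
            }
        }
        for (X509Certificate s : candidates(certs.subList(1, certs.size()), certs.get(0)))
            System.out.println("candidate signer: " + s.getSubjectX500Principal());
    }
}
```

The caller still has to verify the OCSP response signature against a candidate's public key; an empty certificate list leaves only the issuer.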


